Quest's Office 365 and Azure Active Directory Management Service Now Available

Quest this week has made live new cloud-based solutions for managing Azure Active Directory implementations and Office 365 applications.

There are three new "modules" that are part of the new "Quest On Demand" (PDF) software-as-a-service (SaaS) portfolio that was launched today. The "Policy Management for Skype for Business Online" and the "Policy Management for Exchange Online" modules provide centralized management capabilities for those applications. There's also a new "Recovery for Azure AD" module that offers granular restore capabilities for Azure Active Directory users.

Quest On Demand is a new SaaS platform that has been at the preview stage since March. Today, it's ready for commercial use, along with the new modules. The platform is "100 percent born in the cloud" and runs on Microsoft Azure infrastructure, according Michael Tweddle, president and general manager of the Quest Microsoft Platform Management Business Unit.

Previously, Quest has had success helping organizations move to Office 365 services. It's also provided support for "hybrid" customers that manage on-premises infrastructures along with Office 365 services.

"When you look at just our portfolio, we have about 150 million Active Directory accounts under management," Tweddle said. "We have just over a 100 million accounts that are being covered and secured by our auditing solutions. We've migrated over 85 million Active Directory accounts."

The new SaaS platform will make it easier for organizations to track changes in Active Directory that can also be used with Azure Active Directory, and it can be done in an auditable fashion, he said.

Quest has broader plans for its SaaS platform and plans to add additional modules over time, such as audit, license management and migration modules.

"On Demand will be that SaaS offering that we build around for the future," said Brad Kirby, director of product management at Quest.

He described two key goals for On Demand. One of them will be to drive a unified customer experience that will make management easier than in the past. The On Demand platform has a unified RESTful API that allows organizations to interact programmatically with the platform, he added. The other goal is interaction between modules within the ecosystem.

"So you can imagine, over time, that there's an audit portion that picks up that some changes happen, and I can immediately launch it to the recovery portion of the platform and roll back that change if that's something I want to do," Kirby explained.

Examples of what can be done with the new modules include creating a set of policies that restrict individuals from sending documents outside an organization when using Exchange Online. It's possible to set Skype for Business Online policies that restrict office workers to using the cheaper VoIP service instead of the public switched telephone network (PSTN).

"So essentially it's all about being able to apply a set of rules to a group or user that determines what they can do," Kirby said. "And then, as they migrate from group to group within your organization, … they would receive the set of policies appropriate to that group."

Organizations can set mailbox retention policies, Active Sync policies, and even whether end users can use a Web client, he added. Quest has taken aspects of its Recovery Manager for Active Directory product and applied it to Azure Active Directory. So, while Microsoft's retention policy for deleted users is just 30 days, Quest makes it possible to restore deleted accounts beyond that limit.

Kirby said that organizations typically have to use PowerShell today to make such configurations, and "so you have to have the experts on staff." Quest took the effort to simplify the user interface for organizations. The policies, once set up, become self-enforcing, and it's possible to prove to an internal or external auditor that the policies have been applied, he added.

"I think Microsoft has done a good job with some of their admin portals, but they can't do everything," Kirby said. "If you look at some of the capabilities that they provide for setting policies, they're pretty rudimentary."

Quest On Demand modules are standalone SaaS applications. Today, they do not integrate directly with the Microsoft Operations Management Suite (OMS), which is Microsoft's management service for cloud workloads. It's something that Quest has contemplated, though, Kirby said.

The subscription-based Quest On Demand service requires an annual contract at minimum, with three-year contracts being the maximum term. The service is offered via annual, quarterly and monthly billing.

Quest is not part of Dell, although Dell had announced plans to buy Quest back in 2012. Quest is an independent software company backed by Francisco Partners and Elliott Management, consisting of four business units. It has a Data Protection and KACE segment. There's a Security and Identity and Access Management (One Identity) unit. Another segment is Information Management, plus there's a Microsoft Platform Management unit.